[Git][security-tracker-team/security-tracker][master] tomcat11 fixed in sid

Moritz Muehlenhoff (@jmm) jmm at debian.org
Mon Sep 29 11:46:44 BST 2025 


Moritz Muehlenhoff pushed to branch master at Debian Security Tracker / security-tracker


Commits:
eca56b8d by Moritz Muehlenhoff at 2025-09-29T12:46:06+02:00
tomcat11 fixed in sid

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -16651,7 +16651,7 @@ CVE-2025-6186 (An issue has been discovered in GitLab CE/EE affecting all versio
 CVE-2025-5819 (An issue has been discovered in GitLab CE/EE affecting all versions fr ...)
 	- gitlab <unfixed>
 CVE-2025-55668 (Session Fixation vulnerability in Apache Tomcat via rewrite valve.  Th ...)
-	- tomcat11 <unfixed> (bug #1111099)
+	- tomcat11 11.0.11-1 (bug #1111099)
 	- tomcat10 <unfixed> (bug #1111098)
 	- tomcat9 9.0.70-2
 	NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server stack, using that as the fixed version
@@ -16753,7 +16753,7 @@ CVE-2025-50594 (An issue was discovered in /Code/Websites/DanpheEMR/Controllers/
 CVE-2025-50251 (Server side request forgery (SSRF) vulnerability in makeplane plane 0. ...)
 	NOT-FOR-US: makeplane plane
 CVE-2025-48989 (Improper Resource Shutdown or Release vulnerability in Apache Tomcat m ...)
-	- tomcat11 <unfixed> (bug #1111097)
+	- tomcat11 11.0.11-1 (bug #1111097)
 	- tomcat10 <unfixed> (bug #1111096)
 	- tomcat9 9.0.70-2
 	NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server stack, using that as the fixed version
@@ -25671,7 +25671,7 @@ CVE-2025-53542 (Headlamp is an extensible Kubernetes web UI. A command injection
 	NOT-FOR-US: Headlamp
 CVE-2025-53506 (Uncontrolled Resource Consumption vulnerability in Apache Tomcat if an ...)
 	{DLA-4244-1}
-	- tomcat11 <unfixed> (bug #1109113)
+	- tomcat11 11.0.11-1 (bug #1109113)
 	- tomcat10 <unfixed> (bug #1109114)
 	- tomcat9 9.0.70-2
 	NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server stack, using that as the fixed version
@@ -25698,7 +25698,7 @@ CVE-2025-52521 (Trend Micro Security 17.8 (Consumer) is vulnerable to a link fol
 	NOT-FOR-US: Trend Micro
 CVE-2025-52520 (For some unlikely configurations of multipart upload, an Integer Overf ...)
 	{DLA-4244-1}
-	- tomcat11 <unfixed> (bug #1109111)
+	- tomcat11 11.0.11-1 (bug #1109111)
 	- tomcat10 <unfixed> (bug #1109112)
 	- tomcat9 9.0.70-2
 	NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server stack, using that as the fixed version
@@ -34595,7 +34595,7 @@ CVE-2025-4565 (Any project that uses Protobuf Pure-Python backendto parse untrus
 	NOTE: https://github.com/protocolbuffers/protobuf/commit/17838beda2943d08b8a9d4df5b68f5f04f26d901
 CVE-2025-49125 (Authentication Bypass Using an Alternate Path or Channel vulnerability ...)
 	{DLA-4244-1}
-	- tomcat11 <unfixed> (bug #1108114)
+	- tomcat11 11.0.11-1 (bug #1108114)
 	- tomcat10 <unfixed> (bug #1108115)
 	- tomcat9 9.0.70-2
 	NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server stack, using that as the fixed version
@@ -34610,7 +34610,7 @@ CVE-2025-49124 (Untrusted Search Path vulnerability in Apache Tomcat installer f
 	NOTE: https://lists.apache.org/thread/lnow7tt2j6hb9kcpkggx32ht6o90vqzv
 CVE-2025-48988 (Allocation of Resources Without Limits or Throttling vulnerability in  ...)
 	{DLA-4244-1}
-	- tomcat11 <unfixed> (bug #1108116)
+	- tomcat11 11.0.11-1 (bug #1108116)
 	- tomcat10 <unfixed> (bug #1108117)
 	- tomcat9 9.0.70-2
 	NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server stack, using that as the fixed version
@@ -34623,7 +34623,7 @@ CVE-2025-48976 (Allocation of resources for multipart headers with insufficient
 	- libcommons-fileupload-java <unfixed> (bug #1108120)
 	[trixie] - libcommons-fileupload-java <no-dsa> (Minor issue)
 	[bookworm] - libcommons-fileupload-java <no-dsa> (Minor issue)
-	- tomcat11 <unfixed> (bug #1108118)
+	- tomcat11 11.0.11-1 (bug #1108118)
 	- tomcat10 <unfixed> (bug #1108119)
 	- tomcat9 9.0.70-2
 	NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server stack, using that as the fixed version
@@ -39203,7 +39203,7 @@ CVE-2025-46722 (vLLM is an inference and serving engine for large language model
 	- vllm <itp> (bug #1095237)
 CVE-2025-46701 (Improper Handling of Case Sensitivity vulnerability in Apache Tomcat's ...)
 	{DLA-4244-1}
-	- tomcat11 <unfixed> (bug #1106821)
+	- tomcat11 11.0.11-1 (bug #1106821)
 	- tomcat10 <unfixed> (bug #1106820)
 	- tomcat9 9.0.70-2
 	NOTE: Starting with 9.0.70-2 src:tomcat9 no longer ships the server stack, using that as the fixed version



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eca56b8dd48c7f522985f56498dc3f16f7ed36bd

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/eca56b8dd48c7f522985f56498dc3f16f7ed36bd
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20250929/acf2bc5f/attachment.htm>

More information about the debian-security-tracker-commits mailing list